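---
# Installs WireGuard from apt, provisions the server key pair under
# wireguard_path, renders wg0.conf from wg0.conf.j2 and enables the
# wg-quick unit for wireguard_interface.
#
# Variables read: apt_packages, wireguard_path, wireguard_private_key_file,
# wireguard_public_key_file, wireguard_interface.
# Facts set: wg_private_key_content, wg_public_key_content.

- name: Update apt cache
  ansible.builtin.apt:
    update_cache: true
  become: true

- name: Install necessary packages
  ansible.builtin.apt:
    name: "{{ apt_packages }}"
    state: present
  become: true

# 0700 root:root so only root can list or read the key material below.
- name: Ensure WireGuard directory exists
  ansible.builtin.file:
    path: "{{ wireguard_path }}"
    state: directory
    mode: "0700"
    owner: root
    group: root
  become: true

# Without this check every play run would mint a new private key and
# overwrite the existing one, silently invalidating the public key that
# peers already hold.
- name: Check whether the WireGuard server private key already exists
  ansible.builtin.stat:
    path: "{{ wireguard_private_key_file }}"
  register: wg_private_key_stat
  become: true

# no_log keeps the key out of play output, callbacks and log files.
# On later runs this task is skipped, so consumers should read
# wg_private_key_content rather than wg_private_key.stdout.
- name: Generate WireGuard server private key
  ansible.builtin.command:
    cmd: wg genkey
  register: wg_private_key
  when: not wg_private_key_stat.stat.exists
  # Generating a key only prints it; nothing on the host changes yet.
  changed_when: false
  no_log: true
  become: true

- name: Save WireGuard server private key
  ansible.builtin.copy:
    content: "{{ wg_private_key.stdout | trim }}"
    dest: "{{ wireguard_private_key_file }}"
    mode: "0600"
    owner: root
    group: root
  when: not wg_private_key_stat.stat.exists
  # The module arguments (and any --diff output) contain the key itself.
  no_log: true
  become: true

- name: Read WireGuard private key from file
  ansible.builtin.slurp:
    src: "{{ wireguard_private_key_file }}"
  register: wg_private_key_file_content
  # slurp returns the file content base64-encoded, which is still the key.
  no_log: true
  become: true

- name: Decode WireGuard private key
  ansible.builtin.set_fact:
    wg_private_key_content: >-
      {{ wg_private_key_file_content.content | b64decode | trim }}
  no_log: true

# The result is registered but not consulted by any task in this file: the
# public key is re-derived from the private key on every run so the two
# files cannot drift apart.
- name: Check whether the WireGuard server public key exists
  ansible.builtin.stat:
    path: "{{ wireguard_public_key_file }}"
  register: public_key_stat
  become: true

# shell is needed for the input redirection; the path is passed through
# the quote filter so spaces or shell metacharacters in the variable
# cannot alter the command line.
- name: Generate WireGuard server public key
  ansible.builtin.shell:
    cmd: "wg pubkey < {{ wireguard_private_key_file | quote }}"
  register: wg_public_key
  # Deriving the public key only reads the private key file.
  changed_when: false
  become: true

- name: Save WireGuard server public key
  ansible.builtin.copy:
    content: "{{ wg_public_key.stdout | trim }}"
    dest: "{{ wireguard_public_key_file }}"
    mode: "0644"
    owner: root
    group: root
  become: true

- name: Read WireGuard public key from file
  ansible.builtin.slurp:
    src: "{{ wireguard_public_key_file }}"
  register: wg_public_key_file_content
  become: true

# slurp content is base64; without b64decode the fact would hold the
# encoded file rather than the key peers must be given.
- name: Decode WireGuard public key
  ansible.builtin.set_fact:
    wg_public_key_content: >-
      {{ wg_public_key_file_content.content | b64decode | trim }}

# NOTE(review): wg0.conf.j2 is not visible here; it presumably embeds
# wg_private_key_content, so diff output is suppressed for this task and
# the file stays 0600 root:root. Confirm against the template.
- name: Create WireGuard configuration file
  ansible.builtin.template:
    src: "wg0.conf.j2"
    dest: "{{ wireguard_path }}/wg0.conf"
    owner: root
    group: root
    mode: "0600"
  diff: false
  become: true

# NOTE(review): state: started does not restart an already running
# interface, so a changed wg0.conf is not applied until the unit is
# restarted by other means.
- name: Enable and start WireGuard service
  ansible.builtin.service:
    name: "wg-quick@{{ wireguard_interface }}"
    state: started
    enabled: true
  become: true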